CVE-2019-14697 security issue in alpine

[abhijeetkpawar]

The alpine variant 2.4.41-alpine reports 2 security issues of HIGH severity on Anchore analysis

The alpine base image has fixed this issue. Same need to be carried in httpd as well

[wglambert]

Our Alpine variants use the official-image of Alpine, which was last updated a month ago https://github.com/docker-library/official-images/pulls?utf8=✓&q=is%3Apr+label%3Alibrary%2Falpine

$ docker run --rm alpine:3.10 ldd
Unable to find image 'alpine:3.10' locally
3.10: Pulling from library/alpine
9d48c3bd43c5: Pull complete 
Digest: sha256:72c42ed48c3a2db31b7dafe17d275b634664a708d901ec9fd57b1529280f01fb
Status: Downloaded newer image for alpine:3.10
musl libc (x86_64)
Version 1.1.22
Dynamic Program Loader
Usage: /lib/ld-musl-x86_64.so.1 [options] [--] pathname

$ docker run --rm haproxy:alpine ldd
Unable to find image 'haproxy:alpine' locally
alpine: Pulling from library/haproxy
9d48c3bd43c5: Already exists 
cacea35ca16d: Pull complete 
644b384be15c: Pull complete 
Digest: sha256:59df1c944f287fec839f72bdc9446df74aa155a3cd8d966144e49b99ac5cb111
Status: Downloaded newer image for haproxy:alpine
musl libc (x86_64)
Version 1.1.22
Dynamic Program Loader
Usage: /lib/ld-musl-x86_64.so.1 [options] [--] pathname

[abhijeetkpawar]

Looks like docker-library/official-images#6437 has fixed this.

[wglambert]

That's an edge snapshot, which doesn't meet the expectation of being stable/dependable

Noticed this is a duplicate of docker-library/docker#186

Going to close in favor of alpinelinux/docker-alpine#34